package/jszip: security bump to version 3.10.0 (fe522b9c) · Commits · Arm Reference Solutions / buildroot

Commit fe522b9c authored Jul 27, 2022 by Fabrice Fontaine Committed by Thomas Petazzoni Jul 27, 2022

package/jszip: security bump to version 3.10.0

- Santize filenames when files are loaded with loadAsync, to avoid "zip
  slip" attacks. The original filename is available on each zip entry as
  unsafeOriginalName. See the documentation.
- Drop patch (already in version)
- Update hash of license file (dual licensing clarification with
  https://github.com/Stuk/jszip/commit/f81c2d700d8e5fec4ed89fb565e4a266bb4dd26e)
- Update indentation in hash file (two spaces)

https://github.com/Stuk/jszip/blob/v3.10.0/CHANGES.md



Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

parent e4c81885

Hide whitespace changes

Inline Side-by-side

Please register or to comment